
Cyber Kill Chain.pdf


  1. Weaponization

     Definition & Description: After the adversary has finished their reconnaissance and gathered all of the necessary information about potential targets, including vulnerabilities, they are able to weaponize their attack. The final step in an attack is developing malware to compromise a user or organization. To weaponize something means to develop new malicious software or to modify existing tools so that they can be used in cyberattacks. Both scenarios result in the production of a cyberweapon. Ransomware variants can be used by cybercriminals to develop tools for the Cyber Kill Chain. It is also possible to create a new device.

     During the stage known as "weaponization," attackers turn malware into a weapon. This requires prior planning and extensive research. Developing new strains of malware or modifying existing cyberattack tools can turn malware into a weapon. Hackers modify pre-existing ransomware in order to create tools for the Cyber Kill Chain.

     Weaponization controls:
     • Security training.
     • Analysing the malware payload and its creation.
     • Detecting weapons: examining malware creation and use. New malware may be active and custom, unlike older malware.
     • Collecting files, metadata, and APT weaponized artefacts for digital forensics.

     Phishing emails can spread Microsoft Office malware. Malware artefacts can shed light on the difficult-to-detect weaponization phase of a cyberattack. Identifying weaponized artefacts is a strong defence.

     Tools Used: In order to weaponize something, two things must be developed:
     • RAT (Remote Access Trojan): When a remote access Trojan (RAT) is installed on a target system, it runs in the background and grants the intruder remote control. "System exploration, file upload or download, remote file execution, keystroke monitor, screen capture, webcam, or system power on/off," according to Yadav.
     • Exploit: This weapon component transports the RAT and exploits vulnerabilities in a target's operating system or application. Exploits attempt to circumvent a user's defences and install a RAT. Malware can be spread via PDFs, audio/video files, and websites.
  2. Following the installation of a RAT, privilege escalation exploits may be used to gain administrative access to the target, allowing the attacker to spread the RAT further, gain permanent access to the system, or compromise the entire system.

     Mitigation Tools or Techniques: I would suggest the following security measures to the CISO/CIO, which can lessen the likelihood of weaponization and its consequences:
     • Putting together activities to educate the public on the importance of safety.
     • Studying malware not just in terms of its payload but also its creation process.
     • Weaponization detection methods are currently under development.
     • Examining how long it takes for malicious code to make its way into the wild. Typically, older malware indicates an "off the shelf" purchase, while newly released malware may indicate ongoing, tailor-made operations.
     • Putting together a data set and associated metadata for use in a digital forensics analysis at a later date.
     • Investigating which APT campaigns share common weaponization artefacts is crucial.
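
The last three mitigation points can be combined into one triage pass over collected artefact metadata. The following is an added example, not part of the original slides: the record fields, the 30-day threshold, the trait labels and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample records (not from a real case); field names are assumptions.
ARTEFACTS = [
    {"id": "doc-001", "campaign": "CAMPAIGN-A", "built": date(2021, 3, 1),
     "first_seen": date(2023, 5, 10), "traits": {"builder:kit-x", "doc-author:user1"}},
    {"id": "doc-002", "campaign": "CAMPAIGN-B", "built": date(2023, 5, 2),
     "first_seen": date(2023, 5, 9), "traits": {"doc-author:user1", "macro-stub:s7"}},
    {"id": "doc-003", "campaign": "CAMPAIGN-C", "built": date(2023, 6, 1),
     "first_seen": date(2023, 5, 20), "traits": {"macro-stub:s9"}},
    {"id": "doc-004", "campaign": "CAMPAIGN-B", "built": None,
     "first_seen": date(2023, 5, 11), "traits": {"macro-stub:s7"}},
]

CUSTOM_MAX_AGE_DAYS = 30  # assumed cut-off; tune to your own telemetry


def classify_age(artefact, max_age_days=CUSTOM_MAX_AGE_DAYS):
    """Label an artefact by how old it was when first observed."""
    built, seen = artefact["built"], artefact["first_seen"]
    if built is None:
        return "unknown"
    age = (seen - built).days
    if age < 0:
        # Build time after first sighting: metadata is stripped, forged or wrong.
        return "inconsistent-timestamps"
    return "likely-custom" if age <= max_age_days else "likely-off-the-shelf"


def shared_traits(artefacts):
    """Return traits that appear in more than one campaign, with those campaigns."""
    campaigns_by_trait = defaultdict(set)
    for artefact in artefacts:
        for trait in artefact["traits"]:
            campaigns_by_trait[trait].add(artefact["campaign"])
    return {t: sorted(c) for t, c in campaigns_by_trait.items() if len(c) > 1}


def triage(artefacts):
    """Age label per artefact id."""
    return {a["id"]: classify_age(a) for a in artefacts}


if __name__ == "__main__":
    for artefact_id, label in triage(ARTEFACTS).items():
        print(artefact_id, label)
    print(shared_traits(ARTEFACTS))
```

Build timestamps in document or binary metadata are attacker-controlled, so the age label is a lead for an analyst rather than a verdict.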